3 matches found
CVE-2024-5409
RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details...
RhinOS 代码注入漏洞
RhinOS is a web development framework. A code injection vulnerability exists in RhinOS version 3.0-1190, which stems from the ease of injecting PHP code via the search parameter in /portal/search.htm, which could lead to an attacker executing a reverse shell and compromising the entire...
RhinOS 安全漏洞
RhinOS is a web development framework. A security vulnerability exists in RhinOS version 3.0-1190, which originates from an easy cross-site scripting XSS attack via the search parameter in /portal/search.htm, which allows an attacker to steal details of a victim's user session by submitting a...